Snort mailing list archives

Re: disable /var/log/snort logging


From: Anderson Johnston <andy () umbc edu>
Date: Tue, 6 May 2003 18:36:19 -0400 (EDT)

The -N option should suppress logging (while allowing alerts).

Caveats:
        1. I don't know if it will stop logs to mysql, too.
        2. The option doesn't seem to be working on my
                system  (Solaris 8) under Snort 2.0.

                                        - Andy

On Tue, 6 May 2003, Nick White wrote:

Hi All,
I'm fairly new with snort, so go easy on me.  I'm running snort and
logging to mysql just fine.  The problem is, it's also logging to
/var/log/snort.  I need to figure out how to disable this logging to
disk.  I've looked at all the switches, and I can't seem to figure it
out.  I tried -A none, but then it stopped alerting to mysql.  I also
tried -l /dev/null, but it didn't like that one.

Snort starts as a service via:
/usr/local/bin/snort -u snort -g snort -d -D -c /etc/snort/snort.conf

In snort.conf, I log to mysql with:
output database: alert, mysql, user=snortusr password=fakepass dbname=snort host=localhost

I'm trying to kill snort with as much data as I can throw at it, and it
always dies after a few minutes with:
May  6 14:54:34 localhost snort: FATAL ERROR: OpenLogFile() => fopen(/var/log/snort/10.10.1.30/UDP:138-138) log file: Not a directory

But I KNOW that the snort user has full permission to /var/log/snort.
But I don't need logging to disk.  It's a waste.  I only want it to log
to mysql.

Thanks for your help!
- nick white


-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list


------------------------------------------------------------------------------
** Andy Johnston (andy () umbc edu)          *            pager: 410-678-8949  **
** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056 **
** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **
** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **
------------------------------------------------------------------------------


